Change History (2)

As noted in the answers on that StackOverflow post, the csrf_exempt decorator is the correct solution here. I'll leave it to an official triager or core dev to decide on this ticket, but I'm guessing it'll be a wontfix...